boulder/test/boulder-tools
Aaron Gable d4e706eeb8
Update CI to go1.24.4 (#8232)
Go 1.24.4 is a security release containing fixes to net/http,
os.OpenFile, and x509.Certificate.Verify, all of which we use. We appear
to be unaffected by the specific vulnerabilities described, however. See
the announcement here:
https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A
2025-06-09 09:30:33 -07:00
flushredis ratelimits: Add a feature-flag which makes key-value implementation authoritative (#7666) 2024-08-22 15:56:30 -04:00
Dockerfile Update golangci-lint to v2 (#8228) 2025-06-06 14:38:15 -07:00
README.md Add govulncheck to CI (#6963) 2023-07-11 09:51:20 -04:00
boulder.rsyslog.conf Add log validator to integration tests (#4782) 2020-04-20 13:33:42 -07:00
build-rust-deps.sh Replace codespell with typos (#7265) 2024-01-17 18:08:22 -08:00
build.sh docker: Update image to Ubuntu 24.04 (#8128) 2025-04-17 13:41:20 -04:00
requirements.txt Replace codespell with typos (#7265) 2024-01-17 18:08:22 -08:00
tag_and_upload.sh Update CI to go1.24.4 (#8232) 2025-06-09 09:30:33 -07:00

README.md

Boulder-Tools Docker Image Utilities

In CI and our development environment we do not rely on the Go environment of the host machine, and instead use Go installed in a container. To simplify things we separate all of Boulder's build dependencies into its own boulder-tools Docker image.

Setup

To build boulder-tools images, you'll need a Docker setup that can do cross-platform builds (we build for both amd64 and arm64 so developers with Apple silicon can use boulder-tools in their dev environment).

Ubuntu steps:

sudo apt-get install qemu binfmt-support qemu-user-static
docker buildx create --use --name=cross

After setup, the output of docker buildx ls should contain an entry like:

cross0  unix:///var/run/docker.sock running linux/amd64, linux/386, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6

If you see an entry like:

cross0  unix:///var/run/docker.sock stopped

That's probably fine; the instance will be started when you run tag_and_upload.sh (which runs docker buildx build).
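The check described above can be scripted. This is an added example, not part of the boulder repository: it reads `docker buildx ls` output on stdin and reports whether the cross0 node is ready, stopped, or missing one of the two platforms the images are built for. The function name buildx_node_status and the handling of a leading "\_" marker in newer buildx output are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the boulder repository.
# Reads `docker buildx ls` output on stdin and classifies one builder node.
# Prints: ready | stopped | missing:<platforms> | absent
# Exit status: 0 for ready/stopped, 1 otherwise.

# The README says images are built for amd64 and arm64.
REQUIRED_PLATFORMS="linux/amd64 linux/arm64"

buildx_node_status() {   # hypothetical helper name
    node="$1"
    # Pick the row for the node. Assumption: newer buildx prints a "\_" tree
    # marker before the node name, so skip it when present.
    line=$(awk -v n="$node" '{
        f = ($1 == "\\_") ? $2 : $1
        if (f == n) { print; exit }
    }')
    if [ -z "$line" ]; then
        echo absent
        return 1
    fi
    # A stopped instance lists no platforms; the README notes it is started
    # on demand by tag_and_upload.sh, so it is not treated as a failure.
    case " $line " in
        *" stopped "*) echo stopped; return 0 ;;
    esac
    # Split the row into one token per line and compare whole tokens, so
    # linux/arm/v7 is never mistaken for linux/arm64.
    tokens=$(printf '%s\n' "$line" | tr ', ' '\n\n' | sed 's/\*$//')
    missing=""
    for p in $REQUIRED_PLATFORMS; do
        printf '%s\n' "$tokens" | grep -qxF "$p" || missing="$missing${missing:+,}$p"
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo ready
}

# The two rows quoted in the README, fed through the check.
RUNNING_ROW='cross0  unix:///var/run/docker.sock running linux/amd64, linux/386, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6'
STOPPED_ROW='cross0  unix:///var/run/docker.sock stopped'
printf '%s\n' "$RUNNING_ROW" | buildx_node_status cross0   # ready
printf '%s\n' "$STOPPED_ROW" | buildx_node_status cross0   # stopped
```

On a real host the input would come from `docker buildx ls | buildx_node_status cross0`.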

macOS steps:

Developers running macOS 12 and later with Docker Desktop 4 and later should be able to use boulder-tools without any pre-setup.

Go Versions

Rather than install multiple versions of Go within the same boulder-tools container we maintain separate images for each Go version we support.

When a new Go version is available we perform several steps to integrate it into our workflow:

  1. We add it to the GO_VERSIONS array in tag_and_upload.sh.
  2. We run the tag_and_upload.sh script to build, tag, and upload a boulder-tools image for each of the GO_VERSIONS.
  3. We update .github/workflows/boulder-ci.yml to add the new image tag(s).
  4. We update the remaining .github/workflows/ yaml files that use a GO_VERSION matrix with the new version of Go.
  5. We update docker-compose.yml to update the default image tag (optional).

After some time, when we have spot checked the new Go release and coordinated a staging/prod environment upgrade with the operations team, we can remove the old GO_VERSIONS entries, delete their respective build matrix items, and update docker-compose.yml.